feat: Add explicit AI Gateway provider support and fix Cloudflare Access auth #61
Open
redf0x1 wants to merge 3 commits into cloudflare:main from
Security:
- Redact API keys in container logs
- Redact sensitive data in /debug/container-config endpoint

Features:
- Add AI_GATEWAY_PROVIDER env var for explicit provider type override
- Add AI_GATEWAY_MODEL env var for custom model name
- Runtime validation with graceful fallback on invalid inputs

Use Cases:
This enables OpenAI-compatible endpoints that don't use /openai suffix:
- Local LLM servers (Ollama, LM Studio, vLLM)
- API gateways (LiteLLM, OpenRouter, Portkey)
- Internal proxy endpoints
- Cost optimization proxies

Tests:
- Add 8 test cases for provider/model validation (71 total)

Docs:
- Update README with new environment variables
## Changes

- Add AI_GATEWAY_PROVIDER for explicit OpenAI/Anthropic selection
- Add AI_GATEWAY_MODEL for custom model names
- Add AI_GATEWAY_API_FORMAT for openai-completions/openai-responses API type
- Fix Cloudflare Access domain normalization (add .cloudflareaccess.com suffix)
- Add normalizeTeamDomain() helper shared between jwt.ts and middleware.ts
- Fix OpenAI provider config to include apiKey (required for custom baseUrl)
- Add comprehensive tests for new env.ts logic

## Security

- Redact API keys in debug endpoints and container logs
- No sensitive data exposed in /debug/env or container config

## Breaking Changes

- None (backward compatible with existing configs)

Tested with custom OpenAI-compatible API gateway
Pull request overview
This PR adds support for custom OpenAI-compatible API gateways with explicit provider selection and fixes Cloudflare Access authentication by automatically appending .cloudflareaccess.com to team domains.
Changes:
- Added three new environment variables for AI Gateway configuration: AI_GATEWAY_PROVIDER, AI_GATEWAY_MODEL, and AI_GATEWAY_API_FORMAT
- Implemented normalizeTeamDomain() helper to automatically append .cloudflareaccess.com to team domain names
- Added security improvements by redacting API keys in debug endpoints and logs
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| start-moltbot.sh | Added provider detection logic, custom model support, API format configuration, and API key redaction in logs |
| src/types.ts | Added type definitions for new AI Gateway configuration environment variables |
| src/routes/debug.ts | Added comprehensive API key redaction for debug endpoints |
| src/gateway/env.ts | Added validation and pass-through logic for new environment variables |
| src/gateway/env.test.ts | Added comprehensive test coverage for new provider override and model configuration features |
| src/auth/middleware.ts | Updated to use normalizeTeamDomain for login redirect URLs |
| src/auth/jwt.ts | Added normalizeTeamDomain helper function for Cloudflare Access team domain handling |
| src/auth/middleware.test.ts | Updated test expectations to reflect normalized team domains |
| README.md | Updated documentation with new environment variables and examples |
| package-lock.json | Updated with optional dependencies and peer dependency markers |
- Redact sensitive channel tokens in config debug output
- Add validation for AI_GATEWAY_API_FORMAT values
- Add tests for normalizeTeamDomain() function
- Add test for AI_GATEWAY_API_FORMAT passthrough
- Fix normalizeTeamDomain() to strip https:// prefix
Summary
This PR adds support for custom OpenAI-compatible API gateways and fixes Cloudflare Access authentication issues.
Changes
AI Gateway Configuration
- AI_GATEWAY_PROVIDER env var for explicit OpenAI/Anthropic provider selection
- AI_GATEWAY_MODEL env var to specify custom model names
- AI_GATEWAY_API_FORMAT env var to choose API type (openai-completions or openai-responses)

Cloudflare Access Fixes
Security
Testing
Breaking Changes
None - backward compatible
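
The team-domain normalization described in this PR (append `.cloudflareaccess.com`, strip an `https://` prefix) feeds both JWT validation and the login redirect, so the value is worth validating as well as normalizing. The sketch below is an added example, not the PR's `normalizeTeamDomain()`: the names `normalizeTeamDomainSketch`, `accessUrls` and `isRejected`, the single-label check, the trailing-slash handling and the throw-on-invalid behaviour are all assumptions.

```typescript
// Added example, not the PR's code. The suffix comes from the PR description;
// the strict label check and the error behaviour are assumptions of this sketch.
const ACCESS_SUFFIX = ".cloudflareaccess.com";

// One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

function normalizeTeamDomainSketch(input: string): string {
  let value = input.trim().toLowerCase();
  // The PR mentions stripping an https:// prefix; a single trailing slash is
  // also tolerated here because it usually rides along with a pasted URL.
  value = value.replace(/^https:\/\//, "").replace(/\/$/, "");
  const team = value.endsWith(ACCESS_SUFFIX)
    ? value.slice(0, -ACCESS_SUFFIX.length)
    : value;
  // Anything other than a single label (paths, ports, '@', extra dots,
  // a different parent domain) is rejected instead of being passed through.
  if (!LABEL.test(team)) {
    throw new Error(`invalid Access team domain: ${JSON.stringify(input)}`);
  }
  return team + ACCESS_SUFFIX;
}

// The JWT issuer and the signing-key URL are derived from the same host,
// so a bad team domain would affect both.
function accessUrls(teamDomain: string): { issuer: string; certs: string } {
  const host = normalizeTeamDomainSketch(teamDomain);
  return {
    issuer: `https://${host}`,
    certs: `https://${host}/cdn-cgi/access/certs`,
  };
}

// Helper for callers that prefer a boolean over an exception.
function isRejected(input: string): boolean {
  try {
    normalizeTeamDomainSketch(input);
    return false;
  } catch {
    return true;
  }
}
```

Rejecting a value such as `myteam.cloudflareaccess.com.evil.example` matters because a suffix-only append would otherwise turn it into a host the deployment does not control for both key fetching and redirects.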